Details of VAR-201906-0994

ID

VAR-201906-0994

CVE

CVE-2018-3583

TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015624

DESCRIPTION

A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. WLAN is one of the wireless LAN components. A buffer overflow vulnerability exists in WLANs in several Qualcomm products. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; MSM8996AU; QCA9379; QCS605;

Trust: 2.25

sources: NVD: CVE-2018-3583 // JVNDB: JVNDB-2018-015624 // CNVD: CNVD-2019-18603 // VULHUB: VHN-133614

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-18603

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	qca9379	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 636	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	820	Trust: 0.6
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	835	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sda660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx20	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-18603 // JVNDB: JVNDB-2018-015624 // NVD: CVE-2018-3583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3583
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-3583
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-18603
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-620
value:	HIGH
Trust: 0.6
VULHUB:	VHN-133614
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-3583
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-18603
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-133614
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-3583
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-18603 // VULHUB: VHN-133614 // JVNDB: JVNDB-2018-015624 // CNNVD: CNNVD-201906-620 // NVD: CVE-2018-3583

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-133614 // JVNDB: JVNDB-2018-015624 // NVD: CVE-2018-3583

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-620

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-620

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015624

PATCH

title:	May 2019 Code Aurora Security Bulletin	url:	https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin	Trust: 0.8
title:	Patches for WLAN Buffer Overflow Vulnerabilities in Multiple Qualcomm Products	url:	https://www.cnvd.org.cn/patchInfo/show/163911	Trust: 0.6
title:	Multiple Qualcomm product WLAN Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93836	Trust: 0.6

sources: CNVD: CNVD-2019-18603 // JVNDB: JVNDB-2018-015624 // CNNVD: CNNVD-201906-620

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3583	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-015624	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-620	Trust: 0.7
db:	CNVD	id:	CNVD-2019-18603	Trust: 0.6
db:	VULHUB	id:	VHN-133614	Trust: 0.1

sources: CNVD: CNVD-2019-18603 // VULHUB: VHN-133614 // JVNDB: JVNDB-2018-015624 // CNNVD: CNNVD-201906-620 // NVD: CVE-2018-3583

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-3583	Trust: 2.0
url:	https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3583	Trust: 0.8

sources: CNVD: CNVD-2019-18603 // VULHUB: VHN-133614 // JVNDB: JVNDB-2018-015624 // CNNVD: CNNVD-201906-620 // NVD: CVE-2018-3583

SOURCES

db:	CNVD	id:	CNVD-2019-18603
db:	VULHUB	id:	VHN-133614
db:	JVNDB	id:	JVNDB-2018-015624
db:	CNNVD	id:	CNNVD-201906-620
db:	NVD	id:	CVE-2018-3583

LAST UPDATE DATE

2024-11-23T21:37:12.344000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-18603	date:	2019-06-24T00:00:00
db:	VULHUB	id:	VHN-133614	date:	2019-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-015624	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-620	date:	2019-06-18T00:00:00
db:	NVD	id:	CVE-2018-3583	date:	2024-11-21T04:05:42.633

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-18603	date:	2019-06-19T00:00:00
db:	VULHUB	id:	VHN-133614	date:	2019-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-015624	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-620	date:	2019-06-14T00:00:00
db:	NVD	id:	CVE-2018-3583	date:	2019-06-14T17:29:01.080